[Mimedefang] DoS? and frozen machime
Lavoie,Alain [CMC]
Alain.Lavoie at ec.gc.ca
Fri Jul 19 10:19:10 EDT 2002
Hi Everyone,
First, i want to thanks the help you gave me for the machine frozen
problem we had. I checked all your suggestions and it seem we eliminated the
problem with a the new relase of the kerne. We have Red Hat 7.3 and Ext3,
when
the file system is hit hard this froze the machine. The new kernel fixes
this problem.
Second, one of our partner and us are thinking that we are under
some
e-mail attack. We received alot of connections who made nothing or just the
command
helo/ehlo and then stop and do anything. Is someone have this problem to?
With the
log, we were able to see all e-mails (attack) was in read cmd. A solution we
take was
to change this line in sendmail.cf: O Timeout.command=30s and blacklisted
the domain
of the most important spammer.
The thing is, MIMEDefang was creating is directory
(mdefang-3D381C96-0)
in /var/spool/MIMEDefang. Every hanging e-mails has a directory and the
number
of directory was increasing very rapidly and the space decreasing at the
same rate.
This was corrected easily with a script given previously on the list :) The
other thing
is that each hanging e-mails create a process mimedefang, and after to much
mimedefang
was crashing. I don't know if there exist a timeout for this kind of problem
(or maybe
someway in mimedefang to create the directory required only when some data
enter,
only a suggestion :))
Thanks
Alain Lavoie
More information about the MIMEDefang
mailing list